Network traffic monitoring
First Claim
Patent Images
1. A network traffic monitoring method, comprising:
- generating packet information for packets destined for a target subnet;
inserting breakpoint triggers into an application to detect socket activities performed by the application and by sub-processes of the application at the target subnet;
identifying network connections associated with the application running on a device, based on the socket activities performed by the application;
aggregating an amount of network traffic information by identifying an amount of incoming traffic and an amount of outgoing traffic that has passed between the application and the target subnet based on the identified network connections and the packet information, the aggregating ignoring network traffic between other applications running on the device and devices in other subnets; and
estimating an expected cost of the aggregated amount of network traffic information attributed to the application and the target subnet.
2 Assignments
0 Petitions
Accused Products
Abstract
A network traffic monitoring method includes generating packet information for packets destined for a target subnet. The method includes identifying network connections associated with an application running on a device based on socket activities performed by the application. The method further includes filtering out network traffic information between the application and the target subnet based on the identified network connections and the packet information.
-
Citations
15 Claims
-
1. A network traffic monitoring method, comprising:
-
generating packet information for packets destined for a target subnet; inserting breakpoint triggers into an application to detect socket activities performed by the application and by sub-processes of the application at the target subnet; identifying network connections associated with the application running on a device, based on the socket activities performed by the application; aggregating an amount of network traffic information by identifying an amount of incoming traffic and an amount of outgoing traffic that has passed between the application and the target subnet based on the identified network connections and the packet information, the aggregating ignoring network traffic between other applications running on the device and devices in other subnets; and estimating an expected cost of the aggregated amount of network traffic information attributed to the application and the target subnet. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 15)
-
-
9. A non-transitory computer readable medium comprising memory having instructions that, when executed by a processor, cause the processor to:
-
generate packet information for packets sent to a target subnet; insert breakpoint triggers into an application to detect socket activities performed by the application and by sub-processes of the application at the target subnet; identify network connections associated with the application based on socket activities of the application; aggregate an amount of network traffic information by identifying an amount of incoming traffic and an amount of outgoing traffic that has passed between the application and the target subnet from the identified network connections and packet information, the aggregating ignoring network traffic between other applications running on the device and devices in other subnets; and estimate expected cost of the aggregated amount of network traffic information attributed to the application and the target subnet. - View Dependent Claims (10, 11)
-
-
12. A network traffic monitoring system comprising:
-
a network sniffer engine to generate packet information for packet traffic to a target subnet; a hook engine to identify network connections associated with an application running on a device based on socket activities of the application by inserting breakpoint triggers into the application to detect socket activities performed by the application and by sub-processes of the application at the target subnet; and a filter engine to aggregate an amount of network traffic information by identifying an amount of incoming traffic and an amount of outgoing traffic that has passed between the application and the target subnet based on the identified network connections and packet information corresponding to the target subnet, the filter engine ignoring network traffic between other applications running on the device and devices in other subnets; and a communication engine to estimate an expected cost of the aggregated amount of network traffic information attributed to the application and the target subnet. - View Dependent Claims (13, 14)
-
Specification